Skip to main content

Lightspeed Smart Agent Deployment (macOS v2.3.1+ using Certificate Manager)

Description

Need to deploy the latest version of Lightspeed Smart Agent version 2.3.1 along with your configurations. FileWave has got you covered in this step-by-step guide to creating the required Filesets to deploy to your macOS devices. Be sure that you have access to your administrative account on relay.school.com.

This KB article involves using the new Lightspeed Certificate Manager method. If using the version below v2.3.1 please review KB article here: Lightspeed Smart Agent Deployment (macOS 2023)

The new method involves using LightSpeed Certificate Manager. Certificate Manager leverages a cloud-based system to generate and monitor certificates and expiration, automatically pushing new certificate files to devices in the background (without disruption!) to ensure they always are current. In addition, Lightspeed is also leveraging root certificates for the trusting process, meaning that instead of repeatedly needing to re-trust the certificates every time they update - you now only need to trust the first time.

Note: You must use the MacOS Filter Agent 2.3.1+ to use Certificate Manager

Step 1: Click Set up in Certificate Manager to generate your new certificates.
Step 2: Download the public root certificate from Certificate Manager and trust it on your device(s)
Step 3: Confirm you have trusted the certificate to activate Certificate Manager
Step 4: Download and Install the Agent. (By installing the agent after you have trusted the certificate in your keychain, you will avoid the need to wait for a policy update before your device will connect to the internet)
Step 5: The Agent will automatically retrieve and install the required internal files and automatic certificate management will take over.

Ingredients

  • FileWave Central

  • Lightspeed Relay Filter Agent PKG installer (version 2.3.1)

  • Lightspeed Root Certificate

Web Content Filter - In creating a Web Content Filter within FileWave Central it changes the UDID and is unsuccessful in deployment. The issue can be resolved by re-creating the Web Content Filter in FileWave Anywhere as a workaround. The issue should be resolved in the next release. See Known Issues

Download Lightspeed Relay Filter Agent for macOS

  1. Login to your Lightspeed Filter account at relay.school.com

    1. Navigate to Settings > Software

    2. Choose Lightspeed Filter

    3. Select the Mac tab

    4. Select the version of the Relay Filter Agent by clicking on the download icon

    5. Place the downloaded Relay Filter Agent PKG into your Downloads Folder

LightSpeedmacOSFilter.png

Create the Configuration Profile

  1. Open FileWave Central or FileWave Anywhere

  2. Navigate to Filesets > Select New Desktop Fileset > Click on Profile

  3. Enter the name of the Profile: General > Name: Lightspeed Agent Profile

FileWaveLightspeed1.png

Import Root Certificate from Lightspeed Certificate Manager

  1. Select Certificates payload to add your Lightspeed Root Trusted Certificate. 

FileWaveLightspeed2.png

Configure the System Extension Payload

  1. Navigate to System Extension Policy payload, add and enter in the following:

    1. Click + to add Allowed Team Identifiers:
      Team Identifier:  ZAGTUU2342

    2. Click + to add Allowed System Extensions:

      1st Allowed System Extensions:  com.lightspeedsystems.network-agent

      Enter add 2nd Allowed System Extensions with comma after 1st Allowed System Extensions

      2nd Allowed System Extensions: com.lightspeedsystems.network-agent.network-extension
      Click + to add Allowed System Extension Types and check box for Network:
      Team Identifier:  ZAGTUU2342

FileWaveLightspeed3.png

Configure the Web Content Filter Payload

  1. Navigate to Web Content Filter and enter in the following:

    1. Filter Name: Lightspeed Agent

    2. Identifier: com.lightspeedsystems.network-agent 

    3. Filter Options: Firewall / Filter Socket Traffic

    4. Socket Filter Bundle Identifier: com.lightspeedsystems.network-agent.network-extension
      Socket Filter Designated Requirement: anchor apple generic and identifier "com.lightspeedsystems.network-agent.network-extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists / or certificate 1[field.1.2.840.113635.100.6.2.6] / exists / and certificate leaf[field.1.2.840.113635.100.6.1.13] / exists */ and certificate leaf[subject.OU] = ZAGTUU2342)

LightspeedContentFilterv2.3.1.png

The completed configuration profile will have three payloads; these include: Certificates, System Extension Policy and Web Content Filter

FileWaveLightspeed5.png

Import the Relay Filter Agent PKG into FileWave

  1. Navigate to Filesets > Create New Desktop Fileset > Select MSI / PKG

  2. Navigate to your downloaded and select the Relay Filter Agent (version 2.3.1) to upload into the Fileset

  3. Please wait a few moments for the PKG installer to upload into your FileWave server

    FileWaveLightspeed13.png

  4. After successfully uploading, highlight the Fileset > Select Properties

  5. Under the Requirements tab, check the box Platform and check macOS only, then under System Version and checkboxes only for macOS 12.x and 13.x

    FileWaveLightspeed14.png

  6. Click OK to save

Note: If all of your devices are not on macOS 12 or greater, you will want to set the Requirements for the Fileset for macOS 12 and above

Editing the Relay Filter Agent PKG Fileset with Requirement Script

  1. Highlight the newly created Fileset with your Smart Agent PKG
  2. Click on Script in the menu to open Script dialogue window
  3. Highlight Requirement Scripts and click on the Create buttonLightspeedSmartAgentPKG.png
  4. Label script, check_LS.sh
  5. Copy and paste the entire check profile script below:

    #!/bin/zsh

found_profile=""

while [ $# -gt 0 ]
do
	found_profile=$(profiles list all | awk -v search=$1  '$0 ~ search {print $NF}')
	if [ ! -z $found_profile ]
	then
		echo "Found installed profile: $found_profile"
		exit 0
	else
		echo "Did not find $1" 
	fi
	shift
done
 
exit 1
  6. Click OK to save the script
  7. Highlight the check_LS.sh and right-click to select Properties

    LightspeedSmartAgentPKG2.png

  8. Select the Executable tab, under the Launch Arguments tab, click on the + button to add your Lightspeed Agent Profile’s Identifier (found by double-clicking on your Lightspeed Agent Profile)LightspeedSmartAgentPKG3.png
  9. Click OK to Apply to save changes
  10. Close out Properties of the Requirement Script
  11. Click OK to save changes to Smart Agent PKG Fileset

Note: This Requirement scripts verifies that the Lightspeed Agent Profile is installed successfully BEFORE running the installation of Lightspeed.

When all completed, the Fileset contents will include your Relay Filter Agent PKG, Lightspeed Profile and Requirement script.

LightspeedSmartAgentPKG4.png

Creating Fileset Group for your Lightspeed Filter Agent Filesets

Keeping your Filesets organized is good practice, especially if there are multiple Filesets for software deployment. You may create a New Fileset Group, label it Lightspeed Filter Agent (macOS 2024), and move all the Filesets you created into that Fileset Group. Then you may associate the Fileset Group labeled Lightspeed Filter Agent (macOS 2024) to your devices versus individual Filesets.

LightspeedFilesetGroup2024.png

Once all the Filesets and Profile have been created, you may associate the Fileset Group labeled Lightspeed Filter Agent macOS 2024 to a few devices as a test. This is to verify and confirm that the filter is installed and filtering properly based on your configurations. For best practice, always test a few devices before mass deployment.

Related Content

Needing to deploy Lightspeed for iOS devices? Review the KB article here: Lightspeed Smart Filter Deployment (iOS 2023).

Needing to deploy Lightspeed for non-Certificate Manager? Review the KB article here: Lightspeed Smart Filter Deployment (macOS 2023)

Back to top